https://kernsec.org/wiki/api.php?action=feedcontributions&feedformat=atom&user=173.164.30.65Linux Kernel Security Subsystem - User contributions [en]2026-05-15T05:53:46ZUser contributionsMediaWiki 1.36.1https://kernsec.org/wiki/index.php?title=Projects&diff=43Projects2012-04-13T03:45:01Z<p>173.164.30.65: /* Storage */</p>
<hr />
<div>== Kernel Security Projects ==<br />
<br />
=== Access Control ===<br />
<br />
* [http://vger.kernel.org/vger-lists.html#linux-security-module Linux Security Modules (LSM)], the API for access control frameworks <br />
* [http://www.novell.com/linux/security/apparmor/ AppArmor], a pathname-based access control system <br />
* [http://selinuxproject.org/page/Main_Page Security Enhanced Linux (SELinux)], a flexible and fine-grained MAC framework <br />
* [http://www.schaufler-ca.com/ Smack], the Simplified Mandatory Access Control Kernel for Linux <br />
* [http://tomoyo.sourceforge.jp/ TOMOYO], another pathname-based access control system (LiveCD available) <br />
* [http://grsecurity.net/features.php grsecurity], extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...) <br />
* [http://www.rsbac.org/why Rule Set Based Access Control (RSBAC)], Linux kernel patch implementing a security framework <br />
* [http://schreuders.org/FBAC-LSM FBAC-LSM] aims to provide easy to configure (functionality-based) application restrictions<br />
<br />
=== Integrity ===<br />
<br />
This is a rapidly developing area, see the following LWN article for an overview:<br />
<br />
* [http://lwn.net/Articles/309441/ System integrity in Linux]<br />
<br />
=== Privileges ===<br />
<br />
* [http://www.friedhoff.org/posixfilecaps.html POSIX File Capabilities]<br />
** [http://lwn.net/Articles/313047/ Filesystem capabilities in Fedora 10 LWN article]<br />
<br />
=== Networking ===<br />
<br />
There are several separately maintained projects relating to network security, including:<br />
<br />
* [http://www.netfilter.org/ Netfilter] packet filtering <br />
* Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see [http://paulmoore.livejournal.com/ Paul Moore's blog] <br />
* [http://www.nufw.org/ NuFW] authenticating firewall based on Netfilter <br />
<br />
<br />
=== Storage ===<br />
<br />
* [http://selinuxproject.org/page/Labeled_NFS Labeled NFS], a project to add MAC labeling support to the NFSv4 protocol<br />
* [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob;f=Documentation/device-mapper/verity.txt dm-verity], a device mapper target for efficient, integrity-assured block devices<br />
<br />
=== Cryptography ===<br />
<br />
The cryptographic subsystem is maintained separately by Herbert Xu, refer to the [http://vger.kernel.org/vger-lists.html#linux-crypto mailing list].</div>173.164.30.65